Keynotes

Monday, September 16, 2024

Title: On the Security and Privacy of Wireless Systems: Threats and Defenses

Guevara Noubir

Northeastern University

Abstract: Wireless communication systems have become ubiquitous and are now critical across a wide range of applications. This pervasive presence brings to the forefront significant challenges, not only concerning security and privacy but also in the realm of technology coexistence and spectrum sharing. In this talk, I will present vulnerabilities that we identified in the design and implementation of various wireless systems, including 3GPP 5G, Bluetooth, and avionics systems like ILS and ACARS.

We note that existing wireless security measures typically focus on end-to-end data confidentiality and integrity. However, numerous design flaws remain that expose these systems to privacy breaches and denial-of-service attacks. Such vulnerabilities can allow adversaries to track users, analyze traffic patterns, drain device batteries, and disrupt communication with minimal effort. The increasing availability of software-defined radios and open-source tools has made these attacks accessible even to non-expert adversaries.

Moreover, I will discuss advanced defense mechanisms, particularly how machine learning can be leveraged to enhance spectrum sharing and develop robust anti-jamming techniques. These innovations are crucial as we strive to secure wireless systems against both current and emerging threats.

Mini bio: Guevara Noubir is a Professor at Northeastern University (Boston, MA) within the Khoury College of Computer Sciences, currently serving as the Executive Director of Cybersecurity Programs and the PI of Northeastern University’s NSA/DHS designated Center of Academic Excellence in Cybersecurity. He received the US National Science Foundation CAREER Award in 2005, the Google Faculty Research Award on Privacy in 2016, the Northeastern University Excellence in Research and Creative Activity Award in 2018, best paper awards at the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) in 2011 and 2018, and the IEEE Conference on Communications and Network Security best paper award in 2016. Dr. Noubir led Northeastern University’s winning teams in the DARPA Spectrum Collaboration Challenge (SC2) in 2017 and 2018, and its finalist team in 2019. He also led Northeastern’s winning team in the DARPA Spectrum Challenge collaborative scenario in 2013. Dr. Noubir chaired the technical program committee of several security conferences, including the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) and the IEEE Conference on Communications and Network Security. He serves or has served on the editorial boards of ACM Transactions on Privacy and Security, IEEE Transactions on Mobile Computing, Elsevier Journal on Computer Networks, and IEEE Transactions on Information Forensics and Security. His research has been funded by BAE Systems, DARPA, Draper Labs, Microsoft Research, ONR, NSA, NSF, and Raytheon. Dr. Noubir holds a PhD in Computer Science from the Swiss Federal Institute of Technology in Lausanne (EPFL) and an MS in CS (diplôme d’ingénieur) from Ecole Nationale Supérieure d’Informatique et de Mathématiques Appliquées de Grenoble (ENSIMAG), France. He held research and visiting positions at CSEM SA, EPFL, Eurecom, MIT, and UNL.

Tuesday, September 17, 2024

Title: Enabling Data-driven Innovation with Synthetic Data

Vyas Sekar

Carnegie Mellon University

Abstract: Today in computer systems and security research, lack of access to realistic and diverse data from multiple deployments hampers innovation; e.g., products are trained on data not representative of the environment, there is no way to quantitatively assess products, machine learning workflows experience data drift, and product audit/feedback is not quantitative. The result today is poor products, lack of transparency, lots of effort in debugging/reproduction/resolution, and the impossibility of sharing insights across collaborators.

In this talk, we will discuss our research outcomes on demonstrating the feasibility of using generative or synthetic data produced by Deep Generative Models (DGMs) to address these pain points for various tasks (e.g., telemetry, anomaly detection, model training). We have identified and addressed key fidelity, scalability, and privacy challenges and tradeoffs in existing approaches. By synthesizing domain-specific insights with recent advances in machine learning and privacy, we identify design choices to tackle these challenges. In this talk, we will present some of the key results from our work in applying these techniques to systems and security-relevant datasets and use cases.

Mini Bio: Vyas Sekar is the Tan Family Professor of Electrical and Computer Engineering in the ECE Department at CMU. He is also co-founder and Chief Technologist at Rockfish Data, and the Chief Scientist at Conviva.
His research is broadly at the intersection of networks, systems, and security. His work has been recognized with the SIGCOMM Rising Star Award, NSA Science of Security prize, the Intel Outstanding Researcher Award, the SIGCOMM Test of Time Award, and multiple best paper awards.

Wednesday, September 18, 2024

Title: Digital Twin Technology for Cybersecurity: Disruptor, Catalyst, or a Threat?

Rasheed Hussain

University of Bristol

Abstract: In the face of increasingly sophisticated cybersecurity threats, traditional countermeasures are no longer sufficient to ensure the security and resilience of digital infrastructure. Emerging threats are rendering existing proactive and reactive security measures insufficient and ineffective. To this end, Digital Twin technology offers a transformative solution for digital infrastructure, providing new opportunities to enhance both security and resilience. By creating digital replicas of physical systems with a required level of fidelity, digital twins enable real-time or even anticipatory threat detection, offering unparalleled visibility into system vulnerabilities and allowing for rapid response. Beyond merely reacting to cyber incidents, digital twins empower organisations to anticipate potential cyberattacks and simulate defense strategies in a risk-free virtual environment. However, a critical question remains: Is the digital twin itself secure enough to serve as a reliable cybersecurity enabler? 

In this talk, I will explore two key areas: how digital twin technology can be leveraged as a cybersecurity enabler and why securing the digital twin is essential for its effectiveness. I will also discuss how Digital Twins can act as a cybersecurity co-pilot, driving innovation and becoming an indispensable tool in the ongoing battle against cyber threats. Additionally, I will share insights from our work at the Smart Internet Lab and Bristol Digital Futures Institute (BDFI) at the University of Bristol, UK, where we are utilizing cutting-edge facilities like the Reality Emulator to harness the benefits of Digital Twin technology in telecom networks. Finally, I will address the current challenges and outline the way forward for Digital Twin technology as a cybersecurity enabler.

Mini-bio: I am Rasheed Hussain, Ph.D. (KGSP Scholar), currently working as a Senior Lecturer at the Smart Internet Lab and Bristol Digital Futures Institute (BDFI), University of Bristol, United Kingdom. I am also with the ESRC Center for Sociodigital Futures (CenSoF) and working on a Technical Affordance Project (TAP) [High-Performance Networks].

Previously, I worked as an Associate Professor at the Networks and Blockchain Lab, Innopolis University, Innopolis, Russia. I have also worked with the same department as an Assistant Professor and have also been with System and Network Engineering (SNE), Universiteit van Amsterdam (UvA), Science Park, Amsterdam, Netherlands, and Hanyang University, South Korea.

Thursday, September 19, 2024

Title: The World Runs on Vulnerable Software. How Can We Improve the Situation?

Cristine Hoepers

CERT.br

Abstract: The current landscape, characterized by a growing number of vulnerabilities coupled with organizations’ difficulties in applying patches across 100% of their systems, makes it urgent to develop mechanisms not only to identify new vulnerabilities but also to prioritize which patches should be applied immediately and which can wait. Additionally, it is necessary to act in a coordinated manner to protect networks without giving attackers an advantage. This presentation will discuss emerging regulatory requirements in this area (CVD, VDP, SBOM, SCA), various existing frameworks and prioritization metrics (CVSS, EPSS, SSVC), and the importance of ethical and legal aspects that need to be considered when creating or participating in Bug Bounty and CVD programs.

Mini Bio: Cristine Hoepers, Manager of CERT.br, holds a degree in Computer Science from UFSC and a PhD in Applied Computing from INPE. She is also an instructor for CERT/CC courses at Carnegie Mellon University, an auditor for the SIM3 maturity model for CSIRTs, and a board member of the OpenCSIRT Foundation, which maintains SIM3. In the past, she has served on the Board of Directors of FIRST and the Coordination of the Best Practices Forum on CSIRTs at the United Nations’ Internet Governance Forum (IGF). In 2024, she was inducted into the FIRST Incident Response Hall of Fame, and in 2020, she received the Mary Litynski Award from M3AAWG for her work in enhancing Internet resilience.